Goldman Sachs Trading Source Code In the Wild?

Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?"
This discussion has been archived. No new comments can be posted.

  • Surely not? (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday July 06, 2009 @07:33AM (#28593155) Journal
    I can't believe that Goldman's algorithmic trading code is more valuable than its list of root passwords to governments all over the world...
    • Re: (Score:3, Informative)

      by McGiraf ( 196030 )

      A root password list is no source code...

      • by Opportunist ( 166417 ) on Monday July 06, 2009 @08:49AM (#28593843)

        No, but you know the old saying. Give a man source code and he'll review for a day. Give a man the right passwords and he'll review source code until he gets locked away.

    • Re:Surely not? (Score:5, Interesting)

      by Richard_at_work ( 517087 ) on Monday July 06, 2009 @07:40AM (#28593211)
      What if having the code allowed you to analyse it for ways to game the system? Knowing precisely how the system will react in certain circumstances could give you a serious leg up when attacking the system on the markets (trade limitations, trend spotting for error codes or edge cases et al).

      This code could be worth significant amounts of money on the international fraud market.
      • Re:Surely not? (Score:5, Insightful)

        by Anonymous Coward on Monday July 06, 2009 @07:59AM (#28593385)

        Exactly. Analyzing the source code will tell you how Goldman Sachs trades its stuff. It's not valuable because it was so expensive to develop this stuff, it's expensive because it shows how they play the game with what kind of strategy, and the stakes of the game are extremely high. It's like knowing how your opponent plays poker when the stakes are on the magnitude of billions of dollars.

        If the source code is in the wild, Goldman Sachs is forced to stop all related real-time trades, because their strategy is completely exposed, and once somebody exploits it, they will lose money really quickly. (Just imagine how many transactions they can make per second, and imagine every one of those transactions loses some money on average.) That means they get forced to leave the market until they develop a new trading system, or at least, re-develop their strategy. That costs a lot of money because they have to stop doing investments and leave the money some place safe.

        • Re:Surely not? (Score:5, Insightful)

          by captainpanic ( 1173915 ) on Monday July 06, 2009 @08:58AM (#28593963)

          The fact that one can compare the strategy in big business with poker shows clearly why I think we're all better off when this whole banking business is downscaled a bit.

          While in the good old days the banking business was simply a place to store and borrow money, it has now become a mess so complicated that nobody really understands it anymore.

          It can be interesting to see what happens next... although I also realize that this accident can cause some innocent people to lose their jobs.

          • Re: (Score:3, Interesting)

            "While in the good old days the banking business was simply a place to store and borrow money, it has now become a mess so complicated that nobody really understands it anymore."

            The real problem is that stocks are a legalized ponzi scheme and should be done away with entirely, it's basically a ponzi scheme through abstraction using machines so you don't see the other people trying to fuck one another over for personal gain.

            Securities themselves are the problem they allow the wealthy to suck wealth out of

            • Re: (Score:3, Informative)

              by nacturation ( 646836 ) *

              It's more like multi-level marketing than a ponzi. With a ponzi scheme, it's impossible to carry on long-term because the offer (investment) generally has no intrinsic value whatsoever. With multi-level marketing, the offer (product/service) generally does have value, but it comes with an overly inflated price resulting in a large number of people losing money in order to have others make money.

        • Re: (Score:3, Insightful)

          by sam0vi ( 985269 )

          and once somebody exploits it, they will lose money really quickly.

          Not necessarily. IANAE but they probably make money off the transactions, whoever makes them, and whoever profits from them. I think it would be analogous to obtaining the source code for the DowJones stock scoring system. DJ wouldn't be the first/most affected by it. Please correct me if I'm wrong.

      • Re:Surely not? (Score:5, Insightful)

        by A beautiful mind ( 821714 ) on Monday July 06, 2009 @07:59AM (#28593387)
        Excellent! If knowing the source code for _financial trading mechanisms_ allows for gaming the system, then it's a very good thing that the code was exposed. If anything, I'd expect banking code to resist outside intrusion.
        • Re:Surely not? (Score:5, Interesting)

          by Richard_at_work ( 517087 ) on Monday July 06, 2009 @08:07AM (#28593459)
          I'm not talking about exploits or bugs, I'm talking about knowing *precisely* how the code will react in given circumstances, *precisely* which edge cases are handled in code, *precisely* what results in an error state and how that error state is handled.

          Knowing such things will allow you to tailor your fraudulent trades so as to not raise suspicion, or to make more money within a set amount of time. If you know precisely how far to push your actions, and then push no further, then you could continue with the same fraud for longer than you would otherwise without being discovered. If you know how often the trend analysis reports are run, and how they do what they do, then you can tailor your trades so as to not appear on those reports - just enough, no more.

          All of which means you can make more money without being detected - and you haven't attacked the software itself, you haven't changed how the code works, you have stayed within the boundaries that the software creates. All because you knew *precisely* how the code works.
          • Re:Surely not? (Score:4, Insightful)

            by WindowlessView ( 703773 ) on Monday July 06, 2009 @08:41AM (#28593779)

            I'm talking about knowing *precisely* how the code will react in given circumstances,

            It's an advantage for sure, but maybe not a slam dunk. It's likely that those systems are highly parameter driven. Without knowing the values of whatever tables they have set up for the day/hour/minute your trades could get smacked pretty hard before figuring it out.

          • it would be the insider trading from hell.
          • Re: (Score:3, Interesting)

            by Hatta ( 162192 ) *

            Knowing such things will allow you to tailor your fraudulent trades so as to not raise suspicion, or to make more money within a set amount of time. If you know precisely how far to push your actions, and then push no further, then you could continue with the same fraud for longer than you would otherwise without being discovered

            And if the public has access to this source code, we can figure out how someone trying to avoid detection would behave and nab them. Someone out there has access to this source cod

      • by 192939495969798999 ( 58312 ) <info@nOSPaM.devinmoore.com> on Monday July 06, 2009 @08:07AM (#28593453) Homepage Journal

        Based on what the markets have been up to, I'd say this code has been out there and has been actively exploited for at least 18 months.

      • Re:Surely not? (Score:4, Interesting)

        by infolation ( 840436 ) on Monday July 06, 2009 @08:13AM (#28593529)
        The online gambling industry analyzes the games made on their system against games played by known gambling software to identify players cheating.

        Perhaps GS haven't immediately stopped real-time trading using their existing system because they're able to analyze trades made by other brokerages to identify patterns that would indicate whether their own trading system is being used by others.
      • What if having the code allowed you to analyse it for ways to game the system?

        Then you'd just be another trader in the market. The whole point is to game the system to your advantage


    • Re:Surely not? (Score:4, Insightful)

      by mysidia ( 191772 ) on Monday July 06, 2009 @07:57AM (#28593377)

      Passwords can be easily changed by any old sysadmin, with minimal damage, as long as the passwords are changed quickly, or remote access is locked out, the damage can easily be mitigated very rapidly.

      Changing source code (to allay use of it by the thief to attack its owners, beat GS at their own game, or sell to competitors), is time-consuming, and requires the assistance of many software experts (programmers).

      The damage can only be mitigated by shutting down the system, and waiting a long time for changes to get made, or for the software to get rewritten, to protect against evil third parties knowing the trading system's flaws.

    • This may end up being pretty damned interesting. GS has a long history of market manipulation from insider trading to installing plants in the media through subsidiaries who appear and disappear over-night to gaming IPOs to make sure the right people get a payday (ie. Yang and Yahoo). Though I wouldn't hold my breath, stacking the deck against suckers is generally a "nothing to see here" issue.

    • Re:Surely not? (Score:5, Insightful)

      by dkleinsc ( 563838 ) on Monday July 06, 2009 @08:17AM (#28593555) Homepage

      Be fair: Goldman Sachs has way more control over government policies than a mere root password would give them. They don't just have root passwords, they have root passwords, physical access, and insider support.

      • Re:Surely not? (Score:4, Insightful)

        by demachina ( 71715 ) on Monday July 06, 2009 @09:57AM (#28594575)

        There is a pretty good expose [rollingstone.com] up on Rolling Stone describing the nefarious behavior of Goldman Sachs. They are in general what you expect out of Wall Street types, greedy and unscrupulous but very good at what they do. Unfortunately what they are good at is creating devastation in their wake so they can take home multimillion dollar bonuses every year, and completely controlling our government so they can get away with it.

        • Re:Surely not? (Score:4, Insightful)

          by peter_gzowski ( 465076 ) on Monday July 06, 2009 @12:22PM (#28596571) Homepage

          I skimmed the Rolling Stone article, and it was difficult to find any specific evidence for what Taibbi is asserting. I have no doubt that Goldman is a huge behemoth that abuses its position to affect markets in a way that benefits itself at the expense of lower-tier investors, which makes it doubly disappointing that Taibbi mounts such a weak attack. He chooses to fill his "expose" with invectives like [t]he world's most powerful investment bank is a great vampire squid wrapped around the face of humanity, relentlessly jamming its blood funnel into anything that smells like money. To prove this point, he simply lists the former Goldman employees which are now, or were, in positions of power. I find the Frontline documentaries on this topic to be much more rational and informing:

          http://www.pbs.org/wgbh/pages/frontline/meltdown/view/ [pbs.org]
          http://www.pbs.org/wgbh/pages/frontline/breakingthebank/view/ [pbs.org]

    • Re:Surely not? (Score:4, Interesting)

      by Maxo-Texas ( 864189 ) on Monday July 06, 2009 @10:36AM (#28595047)

      Yes, but the root password list consists of having large numbers of government positions filled with former (and future) GS employees.

      Hard to put that in a suitcase.

      A lot of money was funneled to GS by Paulson (a GS alumnus) and some of their major competitors were crippled.

      Recently close to 40% of NYSE volume was GS which gives them enormous power to manipulate prices.

  • by eldavojohn ( 898314 ) * <eldavojohn AT gmail DOT com> on Monday July 06, 2009 @07:34AM (#28593163) Journal
    Even more interesting is in the second article that notifies us that Goldman Sachs has been removed from the NYSE 15 Most Active Members Firms Weekly Report. GS had been #1 the week before and now they're not even on it. These fifteen firms alone represent about 98% of all trades with the NYSE. So what happened?

    The author mentions some things but gives no clear motivation for GS hiding their stats. I would speculate that if one of your developers copied your code and uploaded it to a server discreetly, you could have that in your logs and not notice it for days or weeks. But if he then did something to your system to ensure his new employer's ownership of that code you would notice that pretty damn fast I imagine. Sergey Aleynikov sounds like a brilliant coder but maybe he's not so smart on legal issues, is it possible he completely hobbled GS to please his new employer? Are they keeping their transaction report hush hush so investors don't worry? Was Sergey Aleynikov thinking he could sell the code and the rights to the code? After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?

    If GS remained #1, they would have left themselves on the list. I presume that something else related to this has gone wrong with their operation, the news just hasn't broke yet.
    • Re: (Score:3, Interesting)

      by dr.newton ( 648217 )

      It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

      Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

      • by eldavojohn ( 898314 ) * <eldavojohn AT gmail DOT com> on Monday July 06, 2009 @07:48AM (#28593301) Journal

        It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

        Ah, the double edged sword of secrecy. Keep the location of your secrets solitary so that you don't have to keep track of multiple copies. With every new location it is stored, the odds of corporate espionage double. Had they ascribed to keep it in one place, this would be all too possible. And let's face it, if you're shelling out $400k to one or two developers, you do checks on them and make sure they can handle the keys to the palace.

        Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

        I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption. Again, if you're shelling out $400k to a developer, you're probably laying fiber straight to the NYSE's servers from yours or at least including a level of encryption that is so high it would take the NSA days to decrypt it -- rendering the data worthless as it's public by then.

        Still if they don't understand how it works, I could see them doing that. I could not, however, see them sacrificing a week's worth of trading for these fears without first researching them. Do you know how much money and customers that would cost them?

        • including a level of encryption that is so high it would take the NSA days to decrypt it

          Keep in mind that encryption, right now, can be strong enough to take millions of years to decrypt.

          • Re: (Score:2, Informative)

            by eldavojohn ( 898314 ) *

            including a level of encryption that is so high it would take the NSA days to decrypt it

            Keep in mind that encryption, right now, can be strong enough to take millions of years to decrypt.

            You, sir, are correct. Although, I must inquire that if you're making several thousand transactions a week and you're writing software to whereby the transaction frequency matters to you (probably down to the millisecond) do you have the time to waste in encrypting/decrypting this? I would imagine that while it would take millions of years to decrypt it would also take several seconds to encrypt. That's time they don't have.

            Also, if you are doing transaction with foreign institutions or exchanges th

        • by morgan_greywolf ( 835522 ) on Monday July 06, 2009 @08:20AM (#28593591) Homepage Journal

          I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption.

          Knowing the algorithms that Goldman Sachs uses to do realtime trades could possibly give you insider information you wouldn't have otherwise had. When doing realtime transactions, if you know the ORDER Goldman Sachs will use to do the transactions, for instance, you could buy certain stocks a minute or two before Goldman Sachs does...since the act of GS (or anyone) buying a stock will increase its trading price some, and you've just automatically made money and hurt GS at the same time.

          This type of insider trading information will likely result in criminal prosecution by the SEC, however, so don't try this at home, kiddies.

    • After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?

      I don't see how a developer could possibly do that. They must have backups all over the place. Certainly the BOFH could corrupt the backups, but Aleynikov isn't the BOFH.

    • by tacokill ( 531275 ) on Monday July 06, 2009 @07:43AM (#28593241)
      ...or, perhaps last week was a short trading week which cut into the already-low trading volume. Did you by chance compare the overall volume levels when you came up with your theory?

      I am betting you didn't because if you had, you'd see that the volume last week was way lower than the norm.

      More likely, lots of GS traders just took the week off and went on vacation.
      • by Pixie_From_Hell ( 768789 ) on Monday July 06, 2009 @08:22AM (#28593625)
        It's a good alternate theory, but you're a week off:

        On the week ending June 19, Goldman, for instance, was ranked first on the NYSE program trading list. But on the week of June 22, Goldman mysteriously didn't appear on the list of the top 15 firms at all.

        So unless the Fourth of July is celebrated in June, I think that's not the issue.

        Of course, I'm not checking the volume of trading either, so there could be something to your theory. (Of course, if GS bailed out for a week, wouldn't that lower the volume significantly? Weren't they the number one traders?)

  • by DoofusOfDeath ( 636671 ) on Monday July 06, 2009 @07:39AM (#28593195)

    It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

    But then, when I see industrial espionage by Russians, Chinese, Israelis, etc. against those very same corporations, a sense of nationalist anger makes me forget my anti-corporatist anger. Somehow I completely fail to have a sense of schadenfreude for the corporations that I normally hate, and I don't know why.

    Being human is strange.

    • by fuzzyfuzzyfungus ( 1223518 ) on Monday July 06, 2009 @07:46AM (#28593283) Journal
      That, my friend, is what having your self interest 0wn3d by your primate instincts feels like.

      Don't worry, multinationals have no such weaknesses, and won't bat an eye when you are on the hook.
      • by Gilmoure ( 18428 ) on Monday July 06, 2009 @09:25AM (#28594243) Journal

        That us-and-them geographical, language or ethnicity identification is pretty weird. Try to cultivate the "scared bunny" / "everyone's out to get me" attitude and you won't feel sorry when a local coyote or mountain lion gets run over by a foreign truck.

        The whole us/them left/right axis is just part of the circuses to distract the crowd. If you really want to see the us/them divide, it's the upper crust Kleptocrats against everyone else. We're all just cattle and cat food to them. The only way they can make the tens of thousands of dollars a minute they do is by harnessing the earning power of lots of ants and skimming off a bit of everyone else's productive power.

        After WWII, the traditional pyramid shape of society (large number of poor, smaller number of middle class and very small number of upper class) changed towards more of a diamond shape. Ever since then, a lot of folks have been trying to revert that, driving down real wage gains while increasing productivity. All that benefit of efficiency has to go somewhere and it's not going down to the poor and it's not showing up in the paychecks of the workers so it must be flowing up towards the top.

    • Unless TFA (didn't read) says Aleynikov was backed by a government, my guess is he was self-employed or being paid by a mafia organization. Look, it can be a Russian mafia if you want. Other than that, his surname isn't much evidence.

    • It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

      That's not due to capitalism, it's due to statism (having a government that goes way beyond its mandate). You can't fault companies for taking advantage of government perks, because if they don't, they can't compete in the marketplace. Again, the solution isn't more government regulation (which also has loopholes), but less (none!).

      • Re: (Score:2, Interesting)

        by CrazyDuke ( 529195 )

        I damn sure can fault them when they are the architects of said perks. Last I checked [opensecrets.org], Goldman Sachs "donates" quite heavily in DC.

      • Re: (Score:3, Insightful)

        So basically you argue that:

        • Citizens have to obey ethic rules
        • Governments have to obey ethic rules
        • Legislators have to obey ethic rules
        • companies can do anything they like

        Again, the solution isn't more government regulation (which also has loopholes), but less (none!).

        Look at what happened to failed states [wikipedia.org] like Somalia and Sudan. Warlords. Pirates. Al-Qaeda.

    • Re: (Score:3, Informative)

      by demachina ( 71715 )

      Good point but Goldman Sachs deserves to be loathed. They are behind some of the most malevolent behavior that has damaged our economy while they profit dating back to the Great Depression. They were probably a leading creator of the housing bubble and crash which has wiped out trillions of dollars of average peoples wealth. They are also leading commodity manipulators, they have a letter from the U.S. government exempting from commodity laws to prevent speculation. They may be partially responsible for

  • by Antidamage ( 1506489 ) * on Monday July 06, 2009 @07:40AM (#28593203) Homepage

    Pure evil partnered with Linux?

    I'm pretty sure that can't happen. I'm going to pray to Linus for guidance.

    • by neomunk ( 913773 ) on Monday July 06, 2009 @08:23AM (#28593629)

      Linux isn't GOOD by nature. It's not BAD either.

      It's like The Force, you see. All around us, binding our processes behind the scenes in ways it takes an enlightened eye to perceive. There is always Linux prodding along the information swirls and eddies that make up our modern lives, unconcerned with the nature or usage of said information.

      Windows is like The Force too, except I've never heard a Windows acolyte preach any path other than the quicker, easier, more seductive one...

      • Re: (Score:3, Funny)

        It's like The Force, you see. All around us, binding our processes behind the scenes in ways it takes an enlightened eye to perceive.

        Wait, so does that mean that in 20 years, you're going to tell us that Linux is actually made by invisible creatures that can only be detected with special equipment?

  • by jonnyj ( 1011131 ) on Monday July 06, 2009 @07:40AM (#28593209)
    I can't read the original article so I might be inferring something incorrect. But who on earth thought it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?
    • Re: (Score:3, Insightful)

      by u38cg ( 607297 )
      Possibly because in that position you need internet access to do your job.
      • Re: (Score:3, Interesting)

        by jonnyj ( 1011131 )

        You don't need internet access that is in any way shared with your development work. Completely sandboxed internet access in a totally locked down thin client session might be OK, but you certainly don't need to be able to upload data to remote servers. If you think you do, you need to go and read up about segregation of duties.

        But I don't expect you to agree. Your signature displays more about your attitude to the world than you perhaps realise.

  • Proving theft.. (Score:5, Interesting)

    by MosesJones ( 55544 ) on Monday July 06, 2009 @07:40AM (#28593213) Homepage

    It's hardly surprising that this sort of code is highly valuable but the challenge is surely going to be proving that it was actually stolen. If they have a bash history that doesn't include the IP addresses but just shows that he created a tar ball then where is the proof that he actually stole anything at all?

    The original is of course still there, what he took is a copy, so you can't show something is missing.

    They currently don't know where it has gone, so they can't prove that a copy was moved outside the firewall successfully.

    If he hasn't yet sold the stuff on they can't prove there was a financial benefit linked to the theft.

    So how will they prove beyond a reasonable doubt that some actual theft has gone on?

    It's not like he has just lobbed it on Bit-torrent or posted it to Wikileaks. What he has done is taken a copy of the code, which means it's Intellectual Property and copyright issues rather than "simple" theft and therefore they really need to prove (surely) that he has done something with the code.

    Should be interesting to see how the police "generate" and prove the evidence on this one.

  • by Tei ( 520358 ) on Monday July 06, 2009 @07:45AM (#28593255) Journal

    Probably people that would do something similar, will never touch that code, for fear of being "tainted".

    And anyway.. most code create new stuff that is worthy a patent. But not because most programmers are genius, but because the patent system is crap. No one should care about what is on that code, because any professional can recreate the code anyway with the same features. There are not "sacred" code in this world. More the other stuff... Is really hard to make other people look at your code. The business type of guys don't want to look at your code. The users don't want to look at your code. Often, other programmers don't want to look at your code. Maybe is more valuable and interesting the features, and the documentation, the analysis of the problem, than the fucking source code. I do like to read source code, but I am one in a million (of programmers) and there's probably around 7 million programmers, so probably there's only another 7 dudes like me :-I

  • Non-story (Score:5, Informative)

    by Anonymous Coward on Monday July 06, 2009 @07:47AM (#28593293)

    GS's code for program trading is all written in a proprietary programming language called slang and relies on a proprietary database (secdb).

    The install for that is a hell of a lot bigger than 32 MB, so this is probably just a few trading algorithms that a pissed-off developer has copied away.

    It will be largely useless without the slang and secdb components and will be totally unsafe to trade off without a sufficient source of historic data and reference data, correctly formatted and loaded into secdb.

    The idea that this leak is likely to be in any way materially damaging to GS is frankly a joke to anyone with even a passing knowledge of how these systems really operate.

    But don't let that get in the way of your paranoia about how the world works.

    • Re: (Score:3, Interesting)

      by Anonymous Coward
      Well done, sir. I was thinking about just the same (slang/secdb).

      Of course, it won't be easy to install the whole system and then put those bits of code he stole on it and run it. But it is entirely possible those algos were not his, but coming from some of the very important core modules. It can still carry a large value.
    • Re:Non-story (Score:5, Insightful)

      by MadFarmAnimalz ( 460972 ) * on Monday July 06, 2009 @08:34AM (#28593719) Homepage
      It will be largely useless without the slang and secdb components

      If you didn't have a python/java/$LANGUAGE interpreter and no python/java/$LANGUAGE documentation you'd probably still be able to glean the logic and algorithms from the code. The trade secret is the algorithms not the computer instructions representing them.

    • Re:Non-story (Score:5, Interesting)

      by anothy ( 83176 ) on Monday July 06, 2009 @08:54AM (#28593919) Homepage
      i have a somewhat-better-than-passing knowledge of how these systems work. i'm very unconvinced by your explanation.

      you seem to be assuming the intent would be to out-compete Goldman by re-implementing this system, perhaps with some changes/optimizations. for that, sure, you'd need the rest of the environment. but a good understanding of the algorithm and implementation could be obtained without the rest of the environment (like i can read C# code and extract the algorithms without having the rest of the environment). that seems like it would be enough to game Goldman's system (which is a sizable part of the system overall).

      note that i am not asserting that this is a catastrophe for Goldman, just that your explanation isn't convincing. i will, however, agree with a previous poster that Goldman's sudden absence from NYSE's 15 most active members [nyse.com], rather than being #1 as they had for a good while, is very suspicious.
  • The article keeps referring to what was stolen as "codes". Does that mean "source code" or are they talking about some kind of access codes or authentication keys or something, like the way people call their bank PIN their "secret code" ?
    • The article keeps referring to what was stolen as "codes". Does that mean "source code" or are they talking about some kind of access codes

      I noticed that too. Nowhere in the article does it actually say "source code". It just says things like:

      "being held on federal charges of stealing top-secret computer trading codes"
      "the codes Sergey Aleynikov tried to steal"
      "Federal authorities allege the computer codes and related-trading files that Aleynikov uploaded"

      Of course, the guy writing this article ma

  • by lxs ( 131946 ) on Monday July 06, 2009 @08:03AM (#28593417)
  • Considering that they got about $13 billion of our taxpayer money as part of the AIG bailout, I'd say that software belongs in part to us too.
  • by Anonymous Coward on Monday July 06, 2009 @08:04AM (#28593429)

    "The world's most valuable source code could be in the wild."

    Duke Nukem Forever? Oh joy.

  • by Sits ( 117492 ) on Monday July 06, 2009 @08:13AM (#28593531) Homepage Journal

    If I were a rival to Goldman Sachs I would be terrified of someone offering me Goldman's source code. If I use it and Goldman find out then I'm in a world of trouble. If I use it but Goldman don't know for a bit AND the person who offered it knows I used it, then they can blackmail me. Even if I don't use it there could be expensive legal battles to prove my innocence ("Exhibit A shows the same loop variable counter is used in these two different source code bases." "?!"). How do I know it's not a trap? It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do? Use the secret? What if they like their product more?

    Obviously there must be another angle if this situation is true to drive someone to actually do it. I just can't figure it out at the moment.

    • Actually, Pepsi and Coke know each other's formulas. Have since the early nineteen hundreds. There's nothing really secret about the formula, it's just that people who prefer one to the other are already entrenched with marketing, and there isn't any incentive to switch brands on something that is exactly identical. As long as they've got slightly different tastes, they don't have to get into a price war.

      Oh, and the KFC "secret blend of eleven herbs and spices"? All marketing. All that they really use

    • by zarkill ( 1100367 ) on Monday July 06, 2009 @08:53AM (#28593897)

      It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do?

      that very thing happened a few years ago - http://news.bbc.co.uk/2/hi/business/5152740.stm [bbc.co.uk]

      pepsi declined the offer and reported it as a theft of trade secrets.

    • Crooks aren't always that smart. The guy may have the plan of "I take code, sell it to rival, I make millions," having not thought the practical matter through. As another poster noted, the Pepsi/Coke thing DID happen and what they did was contact the FBI.

      While this isn't quite the same situation here, I'm betting the result would be the same. No legit corp wants to be involved in shit like this. It just wouldn't make sense and you'd stand to lose WAY more than you'd stand to gain. So they'd ignore the guy

  • by bartwol ( 117819 ) on Monday July 06, 2009 @08:18AM (#28593571)

    I worked for a financial services company that had similar types of systems. The legal department and security people were always concerned about people stealing our source code.

    But their fears were unfounded. Why? Because the source code is highly customized code that not only implements thoroughly non-standards-based algorithms, but is also tightly coupled to underlying hardware/software platforms (and the non-standardized APIs of their peer systems). The result: you can't run it anywhere but on the infrastructure of the company for which it was built. Sure, you could pull out a subroutine here or there. But overall, it's pretty worthless stuff.

    Humorously, we had a large, difficult, multi-year project to port our code to a newer hardware platform (same O.S. and language tools). I joked that we should post all our source code on the web for free unencumbered download, and if somebody could get it to run on the newer (or any other) platform, we could pay them $2 million for their effort and still come out way ahead in the deal. Everybody laughed and agreed that that would be a dream come true.

    • Re: (Score:3, Interesting)

      by anothy ( 83176 )
      you're only looking at reputable players here. sure, BofA won't touch GS's code, for a host of very good reasons like those you describe. but for someone looking to game GS's system, being able to run the code is totally unimportant: just reading it could likely be enough to extract exploitable characteristics.
      • Re: (Score:3, Interesting)

        by bartwol ( 117819 )
        Nope. You're unlikely to find interesting stuff there. The trading strategies mostly exist in the heads of traders, sometimes on their spreadsheets, sometimes in VB on their desktops, but rarely in the data centers.

        It's easy to think of these companies as monoliths, but it's not like that at all. Most of them have grown through acquisition. The systems of the acquired companies are only loosely integrated into core systems. And you'd be surprised how competitive and autonomous their traders are...each one

  • $ sftp && kill -9 `/sbin/pidof `/bin/basename $SHELL``

    Unless the shell is modified to append commands to the history file *before* executing them (as far as I know, no shell does that out of the box), or the system is hardened (exec() logging etc.), this will take care of any history logs.

  • by ChoboMog ( 917656 ) on Monday July 06, 2009 @08:44AM (#28593811)

    So the question, where are the 32MB of encrypted files that Sergey uploaded to a German server?

    Rapidshare?

  • by jollyreaper ( 513215 ) on Monday July 06, 2009 @08:54AM (#28593911)

    I think it's wonderful that the code has been reintroduced to the wild. Looks like their captive breeding program has been quite a success!

  • a convenient fire (Score:3, Interesting)

    by rs232 ( 849320 ) on Monday July 06, 2009 @09:02AM (#28594015)
    'This week's NYSE Program Trading report was very odd .. what was shocking was the disappearance [blogspot.com] of the #1 mainstay of complete trading domination (i.e., Goldman Sachs) from not just the aforementioned #1 spot, but the entire complete list. In other words: Goldman went from 1st to N/A in one week'

    US v Sergey Aleynikov, Violations of 18 U.S.C §§ 1832(a)(2), 2314, & 2

    "ALEYNIKOV claimed, however, that he only intended to collect "open source" files on which he had worked, but later realized he had obtained more files than he intended. ALEYNIKOV also admitted that he has uploaded files from his work desktop from home. ALEYNIKOV claimed he did not distribute any of the proprietary software that he obtained from the Financial Institution, and further claimed that he has abided by an agreement he entered into with his new employer not to use any unlicensed software"
  • by guacamole ( 24270 ) on Monday July 06, 2009 @09:23AM (#28594211)

    I believe disabling bash's history logging into a file is as easy as typing :

    HISTFILE=

    at the prompt. In other words, he was probably one command line away from being detected..
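Both the comment above about killing the shell before it writes its history and the `HISTFILE=` comment depend on history being recorded by the shell itself; the exec() logging that the first comment names as hardening does not. As an added example (not part of the thread; the log lines are constructed and the audit rule in the comment is an assumed setup), this reconstructs command lines from Linux auditd EXECVE records, including hex-encoded arguments:

```python
import re

# Constructed auditd records (not from the case), as logged under a rule such as
#   -a always,exit -F arch=b64 -S execve -k exec_log
# The kernel emits these whatever the shell does with HISTFILE or its history file.
SAMPLE_LOG = '''\
type=EXECVE msg=audit(1246867200.101:5001): argc=3 a0="tar" a1="czf" a2=737263206261636B75702E74677A
type=CWD msg=audit(1246867200.101:5001): cwd="/home/u"
type=EXECVE msg=audit(1246867215.440:5002): argc=2 a0="sftp" a1="user@host.example"
type=EXECVE msg=audit(1246867290.008:5003): argc=3 a0="rm" a1="-f" a2="/home/u/.bash_history"
'''

EXECVE_RE = re.compile(r'^type=EXECVE msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
# An argument is either "quoted" or, if it holds spaces or unprintable bytes, bare hex.
ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')


def decode_arg(raw):
    """Return the argument text for a quoted or hex-encoded auditd value."""
    if raw.startswith('"'):
        return raw[1:-1]
    return bytes.fromhex(raw).decode('utf-8', errors='replace')


def parse_execve(log_text):
    """Map audit event serial -> (timestamp, argv) for every EXECVE record."""
    events = {}
    for line in log_text.splitlines():
        m = EXECVE_RE.match(line)
        if not m:
            continue  # CWD, PATH, SYSCALL records are ignored here
        ts, serial, rest = m.groups()
        args = sorted((int(i), decode_arg(raw)) for i, raw in ARG_RE.findall(rest))
        events[int(serial)] = (float(ts), [a for _, a in args])
    return events


def touches_history(events):
    """Serials of executed commands whose arguments name a shell history file."""
    return [s for s, (_, argv) in events.items()
            if any(a.endswith('.bash_history') for a in argv)]


if __name__ == '__main__':
    evs = parse_execve(SAMPLE_LOG)
    for serial, (ts, argv) in evs.items():
        print(serial, ts, argv)
    print('history file referenced by events:', touches_history(evs))
```

Shell builtins such as a variable assignment or bash's own `kill` make no execve call, so they do not appear in these records; the external programs they surround do.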

  • by Anonymous Coward on Monday July 06, 2009 @09:35AM (#28594333)
    Based on the Rolling Stones article [rollingstone.com] I was able to reverse engineer the core Goldman Sachs trading algorithm:

    #include
    int main( int argc, const char* argv[] )
    {
    pump();
    dump();
    }
  • by 140Mandak262Jamuna ( 970587 ) on Monday July 06, 2009 @09:41AM (#28594387) Journal
    Had it been Vista, this guy would have been busted long back by, "You are trying to steal the valuable source code from your employer. Cancel or allow?" dialog.
  • by Mister Whirly ( 964219 ) on Monday July 06, 2009 @10:41AM (#28595119) Homepage
    Here is a copy of the code in its entirety -

    Buy Low
    Sell High
  • by cpu_fusion ( 705735 ) on Monday July 06, 2009 @02:04PM (#28598023)

    Found a post on ACM by someone with same name as the accused. Looked like a person with research background in Neural Networks. No idea if it is the same person, but it would be intriguing to me if Goldman Sachs was using neural networks for trading.

    One interesting facet: if two or more counterparties in a market had neural networks that were trained to coordinate and cooperate in ways that would violate trading rules (e.g. like bridge players sharing info through actions), would the company be liable if the neural networks had developed these exchanges by themselves? In other words, would it be an instrumentality for violating the law if it learned, on its own, to violate the law, and the programmers / administrators "had no idea" it was doing that?

  • by jackspenn ( 682188 ) on Monday July 06, 2009 @05:01PM (#28600383)
    Listen I am going to drop a huge bombshell on how GS makes their money and it has nothing to do with source code or trading. Ready?

    Step 1: Buy Republicans
    Step 2: Hedge investment and buy Democrats
    Step 3: Create illusion that there is a difference between above to avoid discovery that you own both. Get people to vote for their party each election, one thing you don't want is for people to catch on and vote against all incumbents which you are heavily invested into and who have been there long enough to feel comfortable bending rules or outright breaking law.
    Step 4: Make money trading stocks, bonds and commodities using leverage from 1,2,3 and 5.
    Step 5: If nobody to buy, have former GS executives run. See Corzine - D - NJ Governor and Paulson - R - Former Treasury Secretary.
    Step 6: If GS fails to make money on step 4, get politicians to bail you out indirectly to avoid blame. For example get them to bailout your failing investment AIG, then have AIG kick you back the $20 billion you gave them. Sure take direct bailout money, but give it back should public try to regulate GS salaries or demand transparency.
    Step 7: Act like you are better at making money because you are really really smart and it has nothing to do with the fact that you are in a position to change the rules. Look down on little people and small businesses trying to compete while playing by rules.
    Step 8: As if making money trading actual items by influencing markets/politicians isn't profitable enough, kick it up a notch and make money trading ... wait for it ... nothing. Call it Cap 'n Trade, make people think it will help environment, knowing that in truth it will not cut back on global pollution, that it will ship manufacturing to other countries along with jobs. Tell people it doesn't tax them and will create jobs (I mean with all the money GS execs will be making they can hire more gophers to get them coffee and they will be going out in NYC to eat expensive meals and that will employ aspiring actors ... I mean waiters). Don't tax/charge people directly just tax companies, services and products the people cannot do without. When prices go up on those things blame the very companies that GS and US federal government are robbing with a pen (guns are so small time) and say it is their ... wait for it ... "selfish greed". Have system in place so the shares of nothing you are trading become more and more rare over time to ensure you get larger and larger pay outs and hope US public is too stupid to vote out every paid politician you had in your pocket to vote for it. Remember avoid and deflect, blame the other side.
    Step 9: If questioned or called out, act as if there is no way the person pointing out truth could possibly understand the complexities of the system and is therefore unqualified to comment. If person is in energy production label them greedy capitalistic ways". If somebody from any other sector of economy comes forward to detail insanity of scam, I mean legislation, label them a racist or proclaim they don't care about ... wait for it ... "the children". If person is using slashdot then mod them -1 TROLL.
    Step 10: Goto Step 1.
